Chetan Mehrotra created SLING-2623:
--------------------------------------
Summary: Simplifying usage of JAAS based authentication with
Repository in OSGi
Key: SLING-2623
URL: https://issues.apache.org/jira/browse/SLING-2623
Project: Sling
Issue Type: New Feature
Components: JCR
Reporter: Chetan Mehrotra
Currently Sling uses LoginModulePlugin to provide pluggable authentication
support. I have been working on a poc to enable similar pluggable support based
on JAAS. Complete details are provided at [1]. This work consisted of two parts
1. Simplify usage of JAAS in OSGi env - This is currently being
discussed/implemented as a new bundle in Apache Felix. Refer to FELIX-3705 [2]
2. Modify Sling to make use of new JAAS support - This is implemented in Sling
fork at [3]. Details about changes required in Sling are provide below
This issue is created to capture the overall details. If required separate
issues can be created to implement specific parts. All changes can be seen at
[3]. Kindly provide your feedback/comments on the proposed approach :)
Feature Details
===========
A - New org.apache.sling.jcr.jackrabbit.base bundle
------------
A new jar/bundle is added which provide some common classes which simplify
Jackrabbit integration in OSGi env. Currently it provides two features
* DelegatingLoginModule - This LoginModule acts as a bridge between OSGi and JR
layer. It is based on Approach B explained in [1]
* PrincipalProviderTracker - It is used to provide an OSGi based
PrincipalProviderRegistry which follows the whiteboard pattern to collect
PrincipalProviders
B - Changes in Jackrabbit Server bundle
------------
The Jackrabbit server bundle has been modified to make use of the new features
* Repository config is modified to
** Use the DelegatingLoginModule
** Use the OsgiAwareSecurityManager which uses the OSGi based
PrincipalProviderRegistry
* SlingDefaultLoginModule - A new module is exposed as part of this bundle's
API. Any other bundle which earlier implemented the LoginModulePlugin can
extend this login module and integrate with Sling Repository authentication
* pom.xml - It has been modified to expose the supported LoginModules and
certain security related packages
C - Changes in Form authentication bundle
------------
The Form authentication bundle has been modified to regsiter a
LoginModuleFactory. This uses the new approach to provide LoginModules as
explained at [2],[4]
"Changes in Sling" section of [1] provides more details on the changes done
[1] https://github.com/chetanmeh/c/wiki/Jaas-in-OSGi-with-Jackrabbit-and-Sling
[2] https://issues.apache.org/jira/browse/FELIX-3705
[3] https://github.com/chetanmeh/sling/compare/jaas-osgi-adv
[4] https://github.com/chetanmeh/c/wiki/JAAS-in-OSGi
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
